mirror of https://github.com/nmap/nmap.git synced 2025-12-21 06:59:01 +00:00

Create (and close) a new socket in rpc Connect, don't reuse one.

It appears that connecting more than once with the same nse_nsock socket
leaks a socket descriptor. For example,

local s = nmap.new_socket()
s:connect(host, port) --> TIMEOUT
s:connect(host, port) --> TIMEOUT
s:close()

leaks a socket descriptor, the one used in the first connect. Nsock
should really take care of this, but let's do this workaround because
rpc-grind has been causing problems due to using the above pattern:

http://seclists.org/nmap-dev/2012/q3/864
http://seclists.org/nmap-dev/2012/q3/872
http://seclists.org/nmap-dev/2012/q3/949

The difficulty is that the rpc library will tolerate around 400 of those
timeouts per RPC connection, which leads to rapidly running out of
descriptors.
david
2012-09-21 01:08:14 +00:00
parent f712477644
commit 23625913a8

@@ -164,26 +164,28 @@ Comm = {
return status, err
end
if ( port.protocol == "tcp" ) then
socket = nmap.new_socket()
if nmap.is_privileged() then
-- Try to bind to a reserved port
for resvport = 600, 1024, 1 do
socket = nmap.new_socket()
status, err = socket:bind(nil, resvport)
if status then
status, err = socket:connect(host, port)
if status then break end
socket:close()
end
end
else
status, err = socket:connect(host, port)
end
else
socket = nmap.new_socket("udp")
if nmap.is_privileged() then
-- Try to bind to a reserved port
for resvport = 600, 1024, 1 do
socket = nmap.new_socket("udp")
status, err = socket:bind(nil, resvport)
if status then break end
socket:close()
end
end
end
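
Review bot: In the TCP reserved-port loop, `socket:close()` sits inside the `if status then` block that follows `socket:bind(nil, resvport)`, so a socket whose bind fails is not closed before the next iteration replaces it with `nmap.new_socket()`. The UDP loop does close on that path (`if status then break end` followed by `socket:close()`), so the two branches disagree; moving the TCP close to just before the loop's closing `end`, after the inner `if` block, would cover both bind failure and connect failure. Two smaller points: if the `nmap.new_socket()` call placed ahead of `if nmap.is_privileged()` remains in either branch, the first loop iteration overwrites that socket without closing it, and when every port from 600 to 1024 fails, `socket` is left referring to a closed socket, which deserves a comment saying that code after the loop must check `status` before using it.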